Welcome to LiteFi Limited. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our lending and credit services. Your privacy is important to us. We are committed to safeguarding your personal information and handling it with care and transparency.
This policy applies to all personal data collected through our website (litefi.ng), mobile applications, physical application forms, and any other means through which you interact with LiteFi Limited. We operate in Nigeria and are committed to complying with the Nigeria Data Protection Act (NDPA) 2023, the Lagos State Money Lenders Law, and other relevant Nigerian laws and regulations. As privacy expert Daniel J. Solove noted, "Privacy is not about having something to hide. It is about having something to protect." For LiteFi, that protection underpins our operations.
This policy applies to all personal data processed by LiteFi Limited, regardless of the method or location of collection and storage. This includes, but is not limited to, data relating to our past, present, and prospective clients, employees, contractors, suppliers, and any other individuals whose personal data we handle. Every member of staff, contractor, and third party working with or on behalf of LiteFi Limited must strictly adhere to the provisions of this policy.
The NDPA 2023, as clarified by the GAID 2025, has an extraterritorial application, meaning it protects personal data of individuals within Nigeria, those whose data has been transferred to Nigeria, or data in transit through Nigeria, and even Nigerian citizens abroad under certain conditions.
LiteFi Limited upholds the core principles for processing personal data as stipulated in the NDPA 2023. These principles guide all our data handling practices:
We process personal data lawfully, fairly, and in a transparent manner. This involves clearly identifying a valid lawful basis for processing, such as the data subject's consent, contractual necessity, legal obligation, vital interests, public task, or our legitimate interests, ensuring the data subject is fully informed. We ensure consent is freely given, specific, informed, and unambiguous, without relying on silence or inactivity.
Personal data is collected for specified, explicit, and legitimate purposes. We do not process data in a manner incompatible with the original stated purposes. For example, personal information gathered for a service agreement will not be used for unrelated marketing without explicit and separate consent.
We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. Our processes are designed to avoid the collection of excessive or irrelevant data.
We strive to ensure personal data is accurate, complete, non-misleading, and kept up-to-date. We implement mechanisms for individuals to correct or update their information and promptly rectify or erase inaccurate data upon discovery or notification.
Personal data is not retained for longer than necessary to fulfill the purposes for which it was collected or as required by law. Our data retention schedules are regularly reviewed to ensure compliance with this principle. The GAID 2025 suggests a default deletion within six months after fulfilling the original purpose if no time-bound obligation exists.
We process personal data in a manner that ensures appropriate security against unauthorised or unlawful processing and against accidental loss, destruction, or damage. This is achieved through robust technical and organisational measures, protecting data availability, confidentiality, and integrity.
LiteFi Limited is responsible for demonstrating compliance with the NDPA principles. We maintain records of our data processing activities, implement data protection by design and default, and conduct Data Protection Impact Assessments (DPIAs) where processing is likely to result in a high risk to data subjects' rights and freedoms.
Under the NDPA 2023, individuals have enhanced rights regarding their personal data. LiteFi Limited fully supports and facilitates the exercise of these rights:
Individuals have the right to be informed about the collection and use of their personal data. Our privacy notices are designed to be clear, concise, and easily accessible, providing all required information as per NDPA Section 27.
Individuals can request confirmation of whether their personal data is being processed, and if so, access to that data and related information about the processing purposes, categories of data, recipients, retention periods, and source. We will respond to SARs promptly, typically within one month.
Individuals have the right to request the correction of inaccurate or incomplete personal data. We will rectify data without undue delay upon verification.
Individuals can request the deletion or removal of their personal data where there is no compelling reason for its continued processing. This applies in specific situations, such as when data is no longer necessary for its original purpose or consent is withdrawn.
Individuals have the right to request the restriction of processing of their personal data in certain circumstances, for example, if they contest the accuracy of the data or object to its processing. When restricted, data can only be stored, not actively processed.
Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another data controller without hindrance. This right applies to data processed by automated means based on consent or a contract.
Individuals have the right to object to the processing of their personal data in certain situations, including processing based on legitimate interests or for direct marketing. We will cease processing unless we can demonstrate compelling legitimate grounds that override the individual's interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.
Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or significantly affects them. LiteFi Limited ensures appropriate safeguards, including human intervention and the right to express one's point of view.
The GAID 2025 introduces a regime for vulnerable data subjects (e.g., children, elderly, persons with disabilities). Where a data subject is a child or lacks legal capacity, LiteFi Limited will obtain consent from a parent or legal guardian and implement appropriate age and consent verification mechanisms, utilising available technology. All processing involving children will be consistent with Nigeria's Child Rights Act 2003.
LiteFi Limited maintains a comprehensive data retention schedule, ensuring that personal data is kept only for as long as necessary to fulfil its original purpose or to meet legal and regulatory obligations. For instance, financial records are generally retained for six years. Employee records are retained for a period consistent with labour laws. When data is no longer required, it is securely disposed of using methods appropriate to its format (e.g., cross-shredding for physical documents, secure wiping or degaussing for digital media). The GAID 2025's guidance on deleting data within six months post-purpose, where no other time-bound obligation exists, is strictly observed.
LiteFi Limited implements robust technical and organisational measures to ensure the security, integrity, and confidentiality of personal data. Our security measures are designed to be commensurate with the level of risk and include:
LiteFi Limited has a clear and actionable data breach incident response plan. In the event of a personal data breach, we will:
LiteFi Limited ensures that any transfer of personal data outside Nigeria complies with the NDPA 2023's provisions on cross-border data transfers (Section 42). Personal data will only be transferred to a jurisdiction or recipient subject to a law, binding corporate rules, contractual clauses, codes of conduct, or certification mechanisms that afford an adequate level of protection substantially similar to the NDPA. We will regularly consult NDPC guidance on international transfers, including any future adequacy lists or approved transfer mechanisms.
LiteFi Limited is committed to fulfilling all registration and audit requirements set forth by the NDPC. We will engage a licensed Data Protection Compliance Organisation (DPCO) as required by the NDPA and the GAID 2025. Our DPCO will assist us with:
The ultimate responsibility for data protection compliance rests with the Director of LiteFi Limited. However, data protection is a collective responsibility, and all employees must play their part.
This Data Protection Policy will undergo a comprehensive review annually, or more frequently if there are significant legislative changes, NDPC directives, or alterations to LiteFi Limited's data processing activities. The next scheduled review is for July 2026. This ensures our practices remain effective, compliant, and aligned with the evolving Nigerian data protection landscape.
LiteFi Limited is committed to addressing any questions or concerns you may have regarding our data protection practices or the personal data we hold about you. You can exercise your data subject rights or make inquiries by contacting our Data Protection Lead:
📧 By Email: dpo@litefi.ng
📍 By Post: 41 Faramobi Ajike Street, Maryland, Anthony, Lagos
📞 By Phone: +234 810 837 6447
Effective Date: January 1, 2025
Last Updated: January 1, 2025
We aim to respond to all legitimate requests and inquiries promptly and within the timelines stipulated by the NDPA.